Cyberduck Mountain Duck CLI

#87 closed defect (duplicate)

Certificate not saved in Keychain

Reported by: anonymous Owned by: dkocher
Priority: high Milestone: 3.0
Component: ftp-tls Version: 3.1.2
Severity: major Keywords: ssl always accept
Cc: Architecture:
Platform:

Description

the checkbox "always accept certificate" (when using a ftp-ssl connection and an untrusted certificate) does not show any effect. you must reaccept the certificate for every connection such as downloading a file etc.

i would be a great if you would be able to correct the code, thx :)

btw. i hope the priority i set (high) is okey. in my mind it is a quite big problem. maybe because i am using a ssl-ftp server?

Change History (25)

comment:1 Changed on Jan 6, 2006 at 2:01:10 PM by dkocher

I cannot reproduce this. Pleae check if the accepted certificate gets added to your keychain. Also check the console.log for a possible failure notice.

comment:2 Changed on Jan 7, 2006 at 11:27:14 AM by anonymous

hm i don't know why but after a view trys it started to work, sorry i can reproduce the error again :/

if it happens again, i'll post it.

comment:3 Changed on Jan 10, 2006 at 12:02:23 AM by dkocher

  • Resolution set to worksforme
  • Status changed from new to closed

comment:4 Changed on Feb 26, 2006 at 10:03:03 PM by anonymous

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I have this problem when connecting to upload.comcast.net with FTP over SSL. The certificate does not get added to the keychain. This is with Cyberduck version 2.5.4. http://minniemousepartysupplies.com - http://bachelorettepartysupplies.org

Last edited on Oct 26, 2010 at 7:04:56 PM by catalept (previous) (diff)

comment:5 Changed on Feb 27, 2006 at 9:49:42 PM by dkocher

Again, this works for me here (using upload.comcast.net). Could you try if it works when you replace the login.keychain with a new one?

comment:6 Changed on May 12, 2006 at 1:10:37 AM by dkocher

  • Milestone 2.6 deleted
  • Resolution set to worksforme
  • Status changed from reopened to closed

comment:7 Changed on May 17, 2006 at 6:24:55 AM by mudrion@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Version changed from 2.5.3 to 2.5.5

We have the same problem with 2.5.5 connecting to linux ftp server with vsftpd and ssl support - ssl every time needs to accept :( Plese fix this bug

Thank you

comment:8 Changed on Dec 21, 2006 at 8:38:10 PM by dkocher

  • Resolution set to worksforme
  • Status changed from reopened to closed

Please repoen this ticket if this is still an issue in 2.7.x release. I could never reproduce this. Verify your Keychain using Keychain Access.app > Main Menu > Keychain First Aid.

comment:9 Changed on Feb 6, 2007 at 1:36:08 AM by sam

  • Milestone changed from 2.5.1 to 2.7.3
  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Version changed from 2.5.5 to 2.7.2

I am having the same problem. The certificate does not get added to the Keychain, on the Console does not show an error when I click [x] Add to Keychain & Continue. (However I see an "IO Error: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No trusted certificate found" when clicking _Disconnect_).

This used to work without problems in earlier versions, they problem appeared suddenly with existing bookmarks (either due to a system upgrade or a Cyberduck upgrade?).

OS X 10.4.8 Java version "1.5.0_06"

comment:10 Changed on Feb 6, 2007 at 1:54:59 PM by dkocher

  • Milestone 2.7.3 deleted

comment:11 Changed on Feb 7, 2007 at 9:46:13 AM by sam

Addendum: The Keychain was verified, seems OK. I did, however, enable FileVault a while ago, though it seems unlikely to me that this could be related.

comment:12 Changed on Apr 12, 2007 at 4:42:46 PM by dkocher

#1092 closed as duplicate.

comment:13 Changed on Apr 15, 2007 at 2:35:01 PM by sam

This works for me now (2.7.4/Intel)

comment:14 Changed on Apr 15, 2007 at 2:36:03 PM by sam

Sorry, 2.7.3

comment:15 Changed on Apr 15, 2007 at 7:22:22 PM by dkocher

  • Summary changed from always accept certificate doesn't work to Certificate not saved in Keychain

comment:16 follow-up: Changed on Jan 31, 2008 at 6:38:44 AM by anonymous

I'm experiencing this on an Intel MacBook running Leopard and Cyberduck 2.8.4.

comment:17 in reply to: ↑ 16 Changed on Jan 31, 2008 at 10:46:02 AM by anonymous

Replying to anonymous:

I'm experiencing this on an Intel MacBook running Leopard and Cyberduck 2.8.4.

Also tried replacing my login keychain with a fresh one and still not saving.

comment:18 Changed on Feb 10, 2008 at 9:43:16 PM by anonymous

Same probleme here in 2.8.4

comment:19 Changed on Mar 1, 2008 at 10:45:35 PM by jwq

I see this problem with my hosted domain's FTP server with 2.8.4 under Mac OS X 10.4.11.

A note on my setup: My default keychain is not "login" and the keychain password is different from my login password, but CyberDuck seems to be quite happy to access this default keychain for FTP passwords and gives every appearance of trying to save the SSL certificate there.

A separate issue, perhaps: I have the signing certificate for the FTP server's certificate imported into the OS's X509Anchors keychain, but it seems that CyberDuck is not checking/using that keychain.

Another separate issue: the certificate accept dialog has "Continue" as the default button, but I have to press the return key twice to select that button and dismiss the dialog.

comment:20 Changed on Mar 26, 2008 at 8:33:54 PM by dkocher

  • Milestone set to 3.0

comment:21 Changed on Mar 26, 2008 at 11:02:21 PM by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

Changed the implementation in r3617.

comment:22 Changed on Feb 11, 2009 at 10:57:48 AM by anonymous

  • Version changed from 2.7.2 to 3.1.2

problem appears again with 3.1.2, in the former version it was ok. Mac OS 10.5.6

comment:23 Changed on Mar 4, 2009 at 11:04:10 PM by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

Same here, problem (re-)appeared with 3.1.2 (connecting to the same server with the same certificate works fine in other OS X applications).

comment:24 Changed on Mar 19, 2009 at 11:06:24 AM by dkocher

  • Resolution set to duplicate
  • Status changed from reopened to closed

This might be because the certificate has expired. Then the Always trust feature does not work as expected. Otherwise you have to restart Cyberduck to make it see the newly updated trust setting from the Keychain.

Issue is now tracked in #2938.

comment:25 Changed on Mar 23, 2009 at 9:13:10 AM by ellpod

i can confirm the issue, working with a self-signed certificate, which is NOT expired. cyberduck presents a popup window for every connection. clicking on continue asks for admin credentials, yet when clicking cancel instead of supplying admin password the connection is opened.

the certificate is set to "always trust" in keychain access, when clicking on always trust and supplying admin password in cyberduck, most of the trust settings for the certificate are reset to "no value specified".

Note: See TracTickets for help on using tickets.
swiss made software